What is HDFC Banking Fraud Message?

Have you received a suspicious text message from an unknown number regarding the status of your bank account asking you to click on a link or provide personal information? If so, you may have been the target of a phishing SMS scam.

Recently, several people have reported receiving a phishing SMS in the name of HDFC Bank that claims either their bank account or net banking is about to be blocked. Fraudsters are sending out fake messages, appearing to come from an HDFC Bank, urging the customers to click on a link to update their PAN card for KYC.

Several people, including prominent journalists, have shared screenshots of these fraud messages on social media. The SMS reads as follows:

Dear HDFC Customer Your HDFC Account/Netbanking will be [block] today. Please update you pan card and complete your KYC now [.] click here (link). HDFC TM


Taking stock of the growing complaints of phishing attacks, HDFC Bank alerted its customers by urging them not to click on links or respond to messages from unknown numbers asking for their PAN, KYC, or other banking information. Because fraudsters may try to use HDFC Bank’s name and logo to deceive, the bank cautioned in a tweet. 

The bank advised to check that messages from HDFC Bank come from the official ID and domain & links start with 

While responding to a tweet from a customer, the bank clarified that HDFC Bank will always send messages from their official ID HDFCBK/HDFCBN, and links in these messages will always be under the http://hdfcbk.io domain. 

Warning against sharing confidential details with anyone, it further explained that the bank would never ask for PAN details, OTP, UPI, VPA/MPIN, Customer ID & Password, Card No, ATM PIN & CVV. 

How does Banking SMS Phishing Scam operate? 

It all starts with sending fraudulent text messages to people to trick them into revealing personal or financial information. The messages are designed to look like they are from a legitimate bank.

The SMS phishing message typically informs the recipient that their bank account is about to be blocked or has been compromised, and they need to take immediate action to resolve the issue. It often prompts the recipient to act quickly.

As you can see in the below message, it mentions account will be blocked “today” or suspended in “1 hour”

The message may include a link or a phone number to call to resolve the problem. However, these links or phone numbers are fake and lead to a fraudulent website or a scammer who pretends to be a representative of the bank.

Once you click on the link or call the provided number, they are often asked to provide personal and financial information such as bank account numbers, passwords, and other sensitive details. The scammers then use this information to steal money.

You can see there is a link given in the fake messages above. Once you click on them, you are taken to an imposter webpage that may appear to be a legitimate bank website. However, in the case of the screenshots mentioned above, many of the links provided have already been identified as deceptive and dangerous, and have been taken down.

You can notice that the URL of this fraudulent website is hdfcses.xyz. No real bank website will ever have ‘xyz’ as the official domain. The real URL of HDFC Bank is https://www.hdfcbank.com/

How to Spot Phishing SMS?

If you notice any of these signs in messages related to banks, do not click on any links or provide any personal information. 

1. Call to take immediate action.

2. Malicious links that are suspicious or not secure. 

3. Ask you to provide personal and financial details.

4. Message received from an unknown number.

5. Contain typos, grammatical errors, or unusual language. 

For example, the below message says Account will be block instead of Account will be blocked.

How to Report Banking Phishing Scam?

If you are a victim of a banking phishing scam and you lost money from your bank account, inform your bank immediately by calling customer care or visiting the nearest branch. You can find a list of bank customer care helplines here.

According to the Reserve Bank of India (RBI), the bank has to resolve your complaint within 90 days from the date of receipt. If the transaction has happened because of your negligence, that is, because of your sharing your password, PIN, OTP, you will have to bear the loss till you report it to your bank.

If the fraudulent transactions continue even after you have informed the bank, your bank will have to reimburse those amounts. If you delay the reporting, your loss will increase and it will be decided based on the RBI guidelines and the policy approved by your bank’s board. For more details, give a missed call on 14440.

If you contacted your bank to report the fraudulent transaction and didn’t get a response, file a complaint to the RBI Ombudsman. You can also register a bank fraud complaint at https://www.cybercrime.gov.in/ or go to the local police station. You can read detailed tips here about reporting bank fraud.

Share your love
Media Literacy Team
Media Literacy Team
Articles: 36

Leave a Reply

Your email address will not be published. Required fields are marked *